From a75b18a4157ab486e0b51c438ac165ab3a08e3e0 Mon Sep 17 00:00:00 2001
From: k94314517 <8417338+k94314517@user.noreply.gitee.com>
Date: 星期四, 25 七月 2024 18:10:00 +0800
Subject: [PATCH] 代码提交

---
 server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java |   23 ++++++++++++++++-------
 1 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java b/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java
index 6c9a1b8..0e4ab81 100644
--- a/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java
+++ b/server/web/src/main/java/com/doumee/api/web/CustomerManageApi.java
@@ -2,13 +2,13 @@
 
 import cn.hutool.http.HttpRequest;
 import com.amazonaws.util.Md5Utils;
-import com.amazonaws.util.StringUtils;
 import com.doumee.biz.system.SystemDataPermissionBiz;
 import com.doumee.biz.system.SystemDictDataBiz;
 import com.doumee.biz.zbom.ZbomCRMService;
 import com.doumee.biz.zbom.ZbomZhongTaiService;
 import com.doumee.config.annotation.LoginRequired;
 import com.doumee.config.annotation.UserLoginRequired;
+import com.doumee.core.annotation.pr.PreventRepeat;
 import com.doumee.core.annotation.trace.Trace;
 import com.doumee.core.constants.ResponseStatus;
 import com.doumee.core.exception.BusinessException;
@@ -31,6 +31,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.codec.digest.Md5Crypt;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.tomcat.util.security.MD5Encoder;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -127,18 +128,26 @@
         return  ApiResponse.success(zbomCRMService.getCrmGoUrl(this.getLoginUserInfo().getIamUsername(),type));
     }
 
+    @PreventRepeat(lockTime = 2000)
     @ApiOperation(value = "鐢熸垚灏忕▼搴忕爜", notes = "PAD绔�")
     @PostMapping("/getQrCode")
     @ApiImplicitParams({
-            @ApiImplicitParam(paramType = "header", dataType = "String", name = "interfaceToken", value = "token", required = true),
-            @ApiImplicitParam(paramType = "header", dataType = "String", name = "timestamp", value = "鏃堕棿鎴�", required = true),
+            @ApiImplicitParam(paramType = "header", dataType = "String", name = "sign", value = "绛惧悕锛堜娇鐢╰imestamp+appkey杩涜md5鍔犲瘑锛�", required = true),
+            @ApiImplicitParam(paramType = "header", dataType = "Long", name = "timestamp", value = "鏃堕棿鎴筹紙褰撳墠鏃堕棿姣锛�2灏忔椂鍐呮湁鏁堬級", required = true),
     })
-    public void getQrCode(@RequestBody GenerateQRCodeRequest generateQRCodeRequest, HttpServletRequest httpServletRequest, HttpServletResponse response) {
-        String interfaceToken = httpServletRequest.getHeader("interfaceToken");
-        String timestamp = httpServletRequest.getHeader("timestamp");
+    public void getQrCode(@RequestParam(value = "sign")String sign,
+                          @RequestParam(value = "timestamp")Long timestamp,
+                          @RequestBody GenerateQRCodeRequest generateQRCodeRequest,HttpServletResponse response) {
+        if(StringUtils.isBlank(sign) || timestamp == null){
+            throw  new BusinessException(ResponseStatus.BAD_REQUEST);
+        }
         String interfaceKey = systemDictDataBiz.queryByCode(Constants.ZBOM,Constants.ZBOM_PAD_INTERFACE_KEY).getCode();
+        //鍒ゆ柇鏃堕棿鎴虫槸鍚﹁秴杩囦袱灏忔椂
+        if(System.currentTimeMillis()-timestamp > 2 * 60 * 3600 * 1000){
+            throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"token宸插け鏁�!");
+        }
         String token = DigestUtils.md5Hex(timestamp+interfaceKey);
-        if(!token.equals(interfaceToken)){
+        if(!token.equals(sign)){
             throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"token宸插け鏁�!");
         }
         try{

--
Gitblit v1.9.3